
Bug #19051

closed

Incorrect pointers in global_cc_cache_table when compacting

Added by eightbitraptor (Matthew Valentine-House) over 1 year ago. Updated about 1 year ago.

Status:
Closed
Assignee:
-
Target version:
-
[ruby-core:110273]

Description

Github PR 6531

During auto-compaction, T_IMEMO objects get moved around the heap. The vm->global_cc_cache_table is an array of pointers to callcache objects, stored as T_IMEMOs of type callcache on the GC heap. These pointers are never updated during the update references step of compaction. If the T_IMEMO object gets moved and another object is allocated in the same slot, then the contents of the global_cc_cache_table will be incorrect, resulting in a crash when attempting to access it.

An example of this is during the mark phase when we attempt to check the validity of the callcache entry before marking it, but the object is not actually a callcache.

-- C level backtrace information -------------------------------------------
/usr/local/ruby/bin/ruby(rb_print_backtrace+0x11) [0x5610067b325e] vm_dump.c:759
/usr/local/ruby/bin/ruby(rb_vm_bugreport) vm_dump.c:1045
/usr/local/ruby/bin/ruby(rb_bug_for_fatal_signal+0xec) [0x5610068603bc] error.c:821
/usr/local/ruby/bin/ruby(sigsegv+0x4d) [0x561006706d9d] signal.c:964
/lib/x86_64-linux-gnu/libpthread.so.0(__restore_rt+0x0) [0x7f87ce6ea420]
/usr/local/ruby/bin/ruby(vm_cc_invalidated_p+0x4) [0x5610067acb84] vm_callinfo.h:369
/usr/local/ruby/bin/ruby(rb_vm_mark) vm.c:2652
/usr/local/ruby/bin/ruby(gc_mark_roots+0x55) [0x5610065f4305] gc.c:7180
/usr/local/ruby/bin/ruby(gc_marks_start+0x13) [0x5610065f6450] gc.c:7852
/usr/local/ruby/bin/ruby(gc_marks) gc.c:8149
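The failure mode described in the report, reproduced as an added example rather than code from the Ruby project: a miniature slot heap, a compaction step that leaves forwarding stubs behind, and an external pointer table standing in for vm->global_cc_cache_table. The heap, slot count, object types and function names here are constructed for illustration and are not Ruby's gc.c. Running the cycle without the reference update leaves a table entry pointing at a slot that a later allocation reuses for a different object type, which is exactly what the validity check in the mark phase then trips over; running it with the update keeps the entry pointing at the relocated callcache.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model: a small slot heap plus an external pointer table
 * (the role vm->global_cc_cache_table plays in the report). Not Ruby's gc.c. */
enum obj_type { T_FREE = 0, T_CALLCACHE, T_STRING, T_MOVED };

struct obj {
    enum obj_type type;
    bool marked;          /* reachable in the current cycle */
    struct obj *forward;  /* new address once type == T_MOVED */
    int payload;
};

#define HEAP_SLOTS 4
#define CACHE_SIZE 2

static struct obj heap[HEAP_SLOTS];
static struct obj *cc_cache[CACHE_SIZE];

static void heap_reset(void) {
    for (int i = 0; i < HEAP_SLOTS; i++) {
        heap[i].type = T_FREE; heap[i].marked = false;
        heap[i].forward = NULL; heap[i].payload = 0;
    }
    for (int i = 0; i < CACHE_SIZE; i++) cc_cache[i] = NULL;
}

/* Allocate into the lowest free slot, as a free-list slot allocator would. */
static struct obj *gc_alloc(enum obj_type t, int payload) {
    for (int i = 0; i < HEAP_SLOTS; i++) {
        if (heap[i].type == T_FREE) {
            heap[i].type = t; heap[i].payload = payload;
            heap[i].marked = false; heap[i].forward = NULL;
            return &heap[i];
        }
    }
    return NULL;
}

/* Sweep: unmarked objects become free slots; marks are cleared for next time. */
static void gc_sweep(void) {
    for (int i = 0; i < HEAP_SLOTS; i++) {
        if (heap[i].type != T_FREE && !heap[i].marked) heap[i].type = T_FREE;
        heap[i].marked = false;
    }
}

/* Compact: slide each live object into the lowest free slot below it,
 * leaving a T_MOVED forwarding stub at the old address. */
static void gc_compact(void) {
    for (int i = HEAP_SLOTS - 1; i > 0; i--) {
        if (heap[i].type == T_FREE || heap[i].type == T_MOVED) continue;
        for (int j = 0; j < i; j++) {
            if (heap[j].type == T_FREE) {
                heap[j] = heap[i];
                heap[i].type = T_MOVED;
                heap[i].forward = &heap[j];
                break;
            }
        }
    }
}

/* The update-references step the report says the callcache table was
 * missing: redirect every entry that still points at a forwarding stub. */
static void gc_update_cc_cache_references(void) {
    for (int i = 0; i < CACHE_SIZE; i++)
        if (cc_cache[i] && cc_cache[i]->type == T_MOVED)
            cc_cache[i] = cc_cache[i]->forward;
}

/* After references are updated, forwarding stubs are released for reuse. */
static void gc_release_moved(void) {
    for (int i = 0; i < HEAP_SLOTS; i++)
        if (heap[i].type == T_MOVED) { heap[i].type = T_FREE; heap[i].forward = NULL; }
}

/* What the next mark phase relies on: every non-NULL table entry must be a
 * callcache before it is marked. Returns the number of entries that are not. */
static int cc_cache_corrupt_entries(void) {
    int bad = 0;
    for (int i = 0; i < CACHE_SIZE; i++)
        if (cc_cache[i] && cc_cache[i]->type != T_CALLCACHE) bad++;
    return bad;
}

/* One scenario: a dead object sits below a cached callcache, a compacting
 * cycle runs with or without the table update, then a fresh allocation
 * reuses the vacated slot. Returns the corrupt-entry count afterwards. */
int run_cycle(bool update_cache_references) {
    heap_reset();
    gc_alloc(T_STRING, 1);                       /* slot 0, will not be marked */
    struct obj *cc = gc_alloc(T_CALLCACHE, 42);  /* slot 1, cached below */
    cc_cache[0] = cc;

    cc->marked = true;                           /* only the callcache is reachable */
    gc_sweep();                                  /* slot 0 is freed */
    gc_compact();                                /* callcache slides into slot 0 */
    if (update_cache_references) gc_update_cc_cache_references();
    gc_release_moved();                          /* slot 1 is free again */

    gc_alloc(T_STRING, 7);                       /* lands in slot 1, the old address */
    return cc_cache_corrupt_entries();
}

int main(void) {
    printf("without reference update: %d bad table entries\n", run_cycle(false));
    printf("with reference update:    %d bad table entries\n", run_cycle(true));
    return 0;
}
```

The check in cc_cache_corrupt_entries is the point where the real collector faults: the table entry is dereferenced as a callcache, but the slot now holds whatever was allocated there after compaction. Any pointer table that lives outside the marked object graph needs the same treatment during update references, or it silently turns into dangling pointers the next time the slot is reused.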

Updated by eightbitraptor (Matthew Valentine-House) over 1 year ago

  • Description updated (diff)

Updated by peterzhu2118 (Peter Zhu) about 1 year ago

  • Status changed from Open to Closed